Privacy Notice

STEAMING LTD - Full Privacy Notice

Introduction

These days people are rightly becoming more concerned about the amount of detailed information companies have been gathering about us and how it is being traded and used to control the information we see and the choices we make.

We have thought carefully about this. Steaming Ltd does not trawl for data to trade with other commercial companies but we do need some information to enable us to provide a good service. For example, we need contact details to contact you with information about your training or purchases. We need to share these with the post office or courier services if we send you letters or parcels. We have security cameras, so if you visit our offices you and your car licence plate could be recorded.

The truth is that whenever we go out we are being recorded these days and we are giving away large volumes of data without realising it each time we log into a public wifi or allow an app to access our location. We all need to be more careful.

This Privacy Notice explains in detail the types of personal data we at Steaming Ltd may collect about you when you interact with us in various ways. It also explains how we’ll store, handle and protect that data.

We want you to be fully informed about your rights, and how Steaming Ltd uses your data, so we have included quite a lot of information here. We hope the following sections will answer any questions you have but if not, please do get in touch with us.

We are all learning, so this notice is likely to change over the coming months.

The Legal Framework

Steaming Ltd is a company registered and based in the UK. It was founded in 1998 as a training, publishing and media company. It mainly provides training in the UK, Europe and Asia Pacific Region. It produces books in print, audio and digital format along with audio visual media productions. It also provides script writing and consultancy services.

Since 2006 it has provided expert witness services. In this capacity it acts as data processor for solicitors or officers of the Crown in their capacity as data controllers.

The law on data protection sets out a number of different reasons why a company may collect and process your personal data.

Consent - In specific situations we can collect and process your data with your consent. (For example, when you tick a box to receive Steaming Ltd emails and/or newsletters, or when you sign up for a course).

Contractual obligations - In certain circumstances, we need your personal data to comply with our contractual obligations. (For example, if you order training, consultancy, or an item from us for home delivery, we’ll collect your address details and pass them to the trainers delivering your course or the consultant assisting you, so that they can make contact or find you to deliver your order).

Legal compliance - If the law requires us to, we may need to collect and process your data. (For example, we can pass on details of people involved in fraud or other criminal activity affecting our business to law enforcement. We may also be asked to provide information in relation to civil legal cases and other official investigations).

Legitimate interest - In specific situations, we may require your data to pursue our legitimate business interests in a way that does not materially impact on your rights, freedom or interests.

How we collect your personal data

Data can be collected in a variety of ways.

When you visit our website and log-on to your account to access information or buy products and services from Steaming Ltd on the phone, or online.

When you make an online order and check out as a guest (in which case we just collect transaction-based data).

When you register to create an account with us.

When you communicate with us and/or purchase a product or service by email, text or phone.

When you give legal instructions to an expert witness working on behalf of Steaming Ltd.

When you contact us by any means with queries, comments, compliments, complaints etc.

When you complete signing-in sheets as part of a training course.

When you complete course registration documents at the beginning of a training course.

When you complete an evaluation at the end of a training course.

When you complete a quiz as part of your training course.

When trainers complete their own training records of what was taught on your course and who attended.

When you complete surveys or questionnaires we send you.

When you fill in any forms in relation to our business with you. For example, if an accident happens we may collect your personal data as part of the record.

We may collect data from publicly-available sources (such as Land Registry and Google Maps) when you have given your consent to share information or where the information is made public as a matter of law.

When you visit our premises which have CCTV systems operating for the security of both customers and Steaming Ltd. These systems may record your image and car registration during your visit.

What sort of personal data we collect

A variety of data may be collected.

If you have a web account with us, your name, gender, date of birth, billing/delivery address, orders and receipts, email and telephone number may be recorded.

For your security, we’ll also keep an encrypted record of your login password.

Details of your interactions with us. For example, we may keep notes from our conversations with you, details of any compliments, comments or complaints you make, details of purchases you have made from us and records of communications by email.

Copies of any documents you provide to prove your age or identity, where the law requires this. (For example, your passport and driver's licence). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.

Details of your visits to our website and contributions to online conversations.

Why we need to collect your personal data

We collect your personal data to enable us to process your orders and comply with our legal obligations. Your details may need to be passed to a third party to supply or deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on. Training may be delivered on our behalf by independent contractors who are also responsible for complying with GDPR.

We need to keep records to inform future communications (for example to respond to queries, refund requests and complaints and, more commonly, to provide references, advice and support).

We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.

We also need to protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account.

We may also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites, for example by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations. We’ll do all of this as part of our legitimate interest.

To protect our customers, premises, assets and Steaming Ltd from crime, we operate CCTV systems in our business premises which record images for security. We do this on the basis of our legitimate business interests.

If we discover any criminal activity, or alleged criminal activity, through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities.

How we protect your personal data

Data security matters to all our customers. We treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites using ‘https’ technology. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.

How long will we keep your personal data

Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.

Steaming Ltd retains business records, training summary evaluations, course registration documents and contracts for a period of 7 years after they expire.

In relation to Expert Witness Services, all personal data collected by the instructing solicitors will be returned to them after the case has been resolved.

Who do we share your personal data with

We sometimes need to share your personal data with trusted third parties. For example, delivery couriers, consultants visiting you, and trainers all need your contact details. We provide only the information they need to perform their specific services.

They may only use your data for the exact purposes we specify in our contract with them. We work closely with them to ensure that your privacy is respected and protected at all times.

If we stop using their services, any of your data held by them will either be deleted or rendered anonymous. Examples of the kind of third parties we work with are:

For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.

We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.

We may, from time to time, expand, reduce or sell Steaming Ltd and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

Sometimes we may need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia. If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to Steaming Ltd in the UK. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.

For example, this might be required in order to fulfil your order, process your payment details or provide support services. Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

Your rights over your personal data

You have the right to request access to the personal data we hold about you, free of charge in most cases. You are also able to correct any of your personal data on the website if it is incorrect, out of date or incomplete. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.

You have the right to request a copy of any information about you that Steaming Ltd holds at any time, and have that information corrected if it is inaccurate. To ask for your information, please email GDPR@steaming-training.co.uk. If we choose not to action your request we will explain to you the reasons for our refusal.

If you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will normally respect your wishes.

Many IT providers store data in servers which are located outside of the UK. (For example, iCloud, Dropbox, and Amazon Web Services). Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.

This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK.